New Wallet Vulnerability Leads to $900K Theft from Bitcoin Users, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash, and Zcash Also at Risk –  Report

Libbitcoin, a Bitcoin wallet implementation used by developers and validators to create crypto accounts, has been compromised according to blockchain security firm SlowMist. Investigation into the vulnerability of the Libbitcoin Explorer 3.x library disclosed that more than $900,000 has so far been stolen from Bitcoin users. Users of other cryptos including Ethereum, Dogecoin, Ripple, Solana, Bitcoin Cash, Litecoin, and Zcash who use Libbitcoin for their accounts are reportedly not safe and are advised to transfer all funds to secure wallets.

We strongly advise all users utilizing the Libbitcoin Explorer 3.x versions to immediately cease using the affected wallets and transfer funds to secure wallets. Be sure to use a verified, secure random number generation method to generate new wallets.

The blockchain security firm explains that the vulnerability stems from the implementation of the pseudo-random number generator (PRNG) in the Libbitcoin Explorer 3.x versions. Upon assessment, it was observed that implementation used the Mersenne Twister algorithm as well as utilizing 32 bits of time as seed. This means threat actors would need just a few days to brute force the private keys of users

Libbitcoin is currently used by Airbitz (mobile wallet), Cancoin (decentralized exchanges), Blockchain Commons (decentralized wallet Identity), etc. However, none of these were specified to be affected by the vulnerability

More on the Libbitcoin Vulnerability

In a report found on the CVE cybersecurity vulnerability database, the Libbitcoin Explorer was said to have a faulty key generation mechanism. This makes it easier for threat actors to guess private keys. According to SlowMist, hackers made away with 9.7441 BTC ($278,318) in one attack. The initial action was to contact exchanges to prevent the attacker from withdrawing the funds

Buy XRP quickly and securely with PayPal, credit card or bank transfer at eToro. Visit Website <<A Distrust team which had four members and eight freelancers was said to have discovered the vulnerability. According to them, a loophole is created whenever a user utes the “bx seed” command to generate a wallet seed. The command in most cases generates the same seed for multiple persons. In other words, it lacks sufficient randomness. The whole discovery was said to have begun when a Libbitcoin user contacted them about the mysterious disappearance of his Bitcoin on July 21. The user earlier reached out to other Libbitcoin users for explanations on why his wallet is empty without a trace, only to find out that “he was not alone.”

Following these concerns, reporters reached out to Libbitcoin Institute member Eric Voskuil for a comment. Interestingly, he clarified that the “bx seed” is not meant to be used in production wallets. Rather, it is intended as “a convenience for when the tool is used to demonstrate behavior that requires entropy.” He further stated that if people used it for production key seeding, then the warning is not sufficient. For now, they intend to make changes in a few days by either removing the command altogether or strengthening the warning against production use

Wallet vulnerabilities have contributed to millions of dollars lost on ious exchanges. In June, the hack of Atomic Wallet saw hackers stealing about $100 million. Most of these are linked to negligence. Cybersecurity certification platform CER recently disclosed that only 6 out of 45 wallet brands used penetration testing to uncover vulnerabilities

Best Crypto Exchange for Everyone:

• Invest in Ripple (XRP) and 70+ cryptocurrencies and 3,000 other assets.
• 0% commission on stocks – buy in bulk or just a fraction from as little as $10.
• Copy top-performing traders in real time, automatically.
• Regulated by financial authorities including FAC and FINRA.

2.8 Million Users Get Started